Help - Search - Members - Calendar
Full Version: Blockpost V2-V4 Guide
B.I.S.S. Forums > Internet Security Forum > B.I.S.S. Security Guides
Moore
Mar 16 2004, 09:20 PM
##################################################################
:: Blockpost Plugin by DMUT/Fazion ::
##################################################################

Hi, this guide has been created to help you understand how to use the Blockpost plugin for Outpost firewall and the different ways to use your IP address blocklists.

Blockpost is a free 3rd party plugin for the security industry's leading personal firewall Outpost Pro from www.Agnitum.com.

Thanks to Dmut and Fazion from Outpost firewall forum for their fine work on this plugin.


###################################################################

Outpost Firewall / Blockpost Links:

Download Blockpost Link
http://www.outpostfirewall.com/forum/showthread.php?t=7229

Blockpost Forum
http://www.outpostfirewall.com/forum/forum...&forumid=59

Another version of this Blockpost V2-V4 Blocklist Guide at OP forum
http://www.outpostfirewall.com/forum/showthread.php?t=9846

Blockpost V1 Guide at OutpostFirewall.com
http://www.outpostfirewall.com/guide/the_o...s/blockpost.htm

---

Blockpost Versions

Check that you have the correct version of Blockpost for your version of Outpost.

In this guide I will be installing the most current version of Blockpost for Outpost 3.51- 4.0.

Previous versions of Outpost, [ V1/V2 ] require earlier versions of Blockpost to be installed.

The date will be in the filename of the Blockpost installation file.

---

:: Blockpost Lists ::

Pre-made Spyware/malware and ads-trackers blocklists can be found here for free download at Outpost forum:

http://www.outpostfirewall.com/forum/showthread.php?t=16815

I will try to keep these lists as up to date as possible.

For daily updates please use the Blocklist Manager [more info on BLM in the guide below ].

#####################################################################

Blockpost READ ME file

QUOTE
If you have a question regarding this plug-in,
please post it in Official Agnitum Forums www.outpostfirewall.com in Plug-in Developers area.

This plug-in provided "Restricted Zone" feature,
i.e. every IP-packet and every higher protocols packet: ICMP, TCP, UDP, HTTP, etc.
from or to IP address in "Restricted Zone" list to be dropped/rejected.

This plug-in has maximum possible priority in OP packet processing algorithm,
this means: higher than "Trusted application", "Trusted Zone", etc. No one from your applications,
including operation system, could be able to send or receive any IP data
and higher from (or to) host included in "Restricted Zone".

Feedback and bug reports are strongly appreciated, please use this forum
http://www.outpostfirewall.com/forum/forum...&forumid=56
Some tips:
- click on column to sort block list, and double-click to reverse sorting
- to edit entry, right click on it and data from entry to be transferred to "Add new entry" panel,
  then delete current entry from a list, do some edit and then click "Add"
- do not use "Rebuild" too often, it's takes a lot of time, and create noticeable DNS traffic;
  some ISP may think you doing DOS attack
- to select all items, do double right-click on list



########################################################################

:: Installation ::

########################################################################

If Outpost is running , right click the systray icon and choose shutdown & exit.

- If you are connected to the internet without a router , please disconnect from the internet before shutting your firewall down to prevent any malicious intrusions.



--

Double click the blockpost install .exe file:



To install click the agree&install button wink.gif :






########################################################################

Enable Blockpost !

Check that the Blockpost Plugin is enabled by right clicking on the icon in outpost and choose enable plugin

If you dont do this first , it simply wont block anything ! rtfm.gif

########################################################################



-

Click on properties to bring up the default Blockpost Gui.

** Blockpost will not have any entries to display until you have loaded a blocklist into it **

-





** The allow port 80 / https checkbox should not be selected , unless you are well aware of the consequences. Blockpost will no longer monitor these ports and your web surfing will be totally unprotected by Blockpost. This selection would most apply to p2p users with extreme blocklists that limit their web surfing. The choice is yours.

-

By selecting the systray notifier option you will have an icon for Blockpost display in the systray next to Outpost icon. You will need to restart Outpost after activating the systray notifier.. If it still does not appear then reboot.



Here you can now access the various functions for Blockpost without the need to launch Outpost Gui [ graphical user interface ] directly :










###################################################################
Moore
Mar 12 2006, 06:59 AM
###################################################
Blockpost V2/V3/V4 Format
###################################################

:: Example Blocklist Entries ::

=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Here is short description [thanks to Dmut] about the IP format Blockpost uses:

1,209.133.244.0/209.133.255.255#MEDIASENTRY-MEDIAFORCE
2,203.1.254.0-203.1.254.255#ASIO
3,hop.clickbank.net,209.81.0.46

1,IP/MASK#comment - entry with masked IP
2,IP1-IP2#comment - entry with range from IP1 to IP2
3,host,IP#comment - entry with symbolic hostname

in all 3 cases "#comment" is optional.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

The Blockpost List format for importing looks like this.

Make sure if you are creating your own custom lists that you dont forget to add this to the first line #BLOCKPOST V2..

#BLOCKPOST V2
2,1.0.0.0-3.255.255.255#IANA-Reserved
2,4.0.0.0-4.255.255.255#Genuity
2,5.0.0.0-5.255.255.255#IANA Reserved
2,6.0.0.0-6.255.255.255#DoD Network Information Center GM
2,7.0.0.0-7.255.255.255#DoD Network-IANA-Reserved
2,8.0.0.0-8.255.255.255#Genuity
2,9.0.0.0-9.255.255.255#IBM
2,10.0.0.0-10.255.255.255#IANA-Private Use
2,11.0.0.0-11.255.255.255#DoD Network

###########################################################################

For managing your blocklists and using them with Blockpost plugin , you have the option of using Bluetacks online converter , or the Bluetack Blocklist manager.

There are also pre-made blocklists already provided, such as the ones freely available at Outpost firewall forum or in the Bluetack Blacklists downloads section.

You can also create your own personal custom blocklists to block only what you want, its really very easy.

###########################################################################





To import your IP blocklist into blockpost , open blockpost plugin from outpost main control by right clicking and go to properties to get the Blockpost interface to show, then click on the import tab and search for the folder where you have stored it and then doubleclick [or select and open] on the list to import it into Blockpost ..

.. I like to import my IP's even when I have only a few to add..

Its much quicker than adding them one at a time , so you dont even have to be using large IP lists to benefit from this feature.




Blockpost also has a feature to add ranges manually if you need to.




###################################################################


The first option for getting your blocklists into Blockpost format from the default Protowall format we use here at Bluetack, is to use the blocklist converter.

To convert your choice of IPs into Blockpost V2/V3 format follow these simple steps:

Go here to find the online converter:
http://bluetack.co.uk/convert.html

set up the converter to use peerguardian format as the source and blockpost V2 as the Output format.
other options are listed in the pic , these are my settings that i choose to use




paste in your current IP list and wait for the converter to accept the ips , it might take a bit longer if you have very large lists.



now sit back and wait for the conversion, this can take a minute maybe even more if you have a super sized list , please have patience.



##################################################################


second option is to download and install the Bluetack Blocklist Manager:

Blocklist manager links:
http://bluetack.co.uk/blmhelp
http://www.bluetack.co.uk/forums/index.php...p?showtopic=856

BLM guide in security tools [members section]
http://www.bluetack.co.uk/forums/index.php...?showtopic=1469

Support for the app can be found here
You must be registered at the forum for support.
http://www.bluetack.co.uk/forums/index.php...hp?showforum=53


The BLM will allow you to download the current antip2p.txt file and many other blocklist sources of your choice:



this is a shot of the BLM in the middle of downloading the antip2p ip file...



Once your list has been downloaded you can press the convert tab in the centre of the BLM main window and then select the option for Outpost V2 format in the drop down box..



After this , save your V2/V3 IP list somewhere you will remember , and then go to blockpost and import it following the information in the beggining part of the guide. now you have a updated Blocklist.

##########################################################################
Moore
Aug 9 2006, 10:59 PM
HELP ! Blockpost Doesnt Block Everything !!

Q:
QUOTE
I have now found that "Blockpost [ or Protowall ] " is not blocking everything it should.

I have the exact same blocklist in Blockpost and in eMule [ or similar P2P app ] that supports IP blocking , and I still see packets from blocked IPs getting through to eMule , which then has to block it itself.

So, there is definitely some blocked IPs filtering through Blockpost.



A: <> LINK <>

QUOTE
This is a common misconception. if the packet going to/coming from a blocked ip address actually reaches Blockpost [ or Protowall ] then it will be blocked (this is also true of any firewall which blocks ips). there are cases, however, where it will not reach BP/PW at all. here's an example:

Say you are running eMule with IP blocking enabled. You have a file which someone, who you don't want to serve it to, wants to download.

They make a request directly to get the file. They are blocked. Now, because eMule is designed to work behind restrictive firewalls, and your client has a connection to the hub, the request to download the file is then made via the hub. The request is accepted and passed onto your client (the hub isn't blocked).

Your eMule client then tries to connect from your machine to the bad ip and push the file to them. eMule will check the list to see if the destination ip is blacklisted. It will then block it. BP/PW will never see that packet, because it has already been blocked.

If eMule is logging blocked packets, then you will see that eMule has done the job for you

If your p2p software works in a similar manner (i expect it does) then you will see packets blocked by the p2p app as well. This is perfectly normal and nothing to worry about. I hope that makes sense.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2012 Invision Power Services, Inc.